patterns/waf_patterns/nginx/enforcement.conf

# Nginx WAF rules for ENFORCEMENT
location / {
    set $attack_detected 0;

    if ($request_uri ~* "@validateByteRange 32,34,38,42-59,61,65-90,95,97-122") {
        set $attack_detected 1;
    }

    if ($request_uri ~* "@gt %{tx.max_num_args}") {
        set $attack_detected 1;
    }

    if ($request_uri ~* "@gt %{tx.combined_file_sizes}") {
        set $attack_detected 1;
    }

    if ($request_uri ~* ".([^.]+)$") {
        set $attack_detected 1;
    }

    if ($request_uri ~* "(?:^|[^x5c])x5c[cdeghijklmpqwxyz123456789]") {
        set $attack_detected 1;
    }

    if ($request_uri ~* "@ge 1") {
        set $attack_detected 1;
    }

    if ($request_uri ~* "@endsWith .pdf") {
        set $attack_detected 1;
    }

    if ($request_uri ~* "@gt %{tx.max_file_size}") {
        set $attack_detected 1;
    }

    if ($request_uri ~* "@validateByteRange 38,44-46,48-58,61,65-90,95,97-122") {
        set $attack_detected 1;
    }

    if ($request_uri ~* "['\";=]") {
        set $attack_detected 1;
    }

    if ($request_uri ~* "!@rx ^d+$") {
        set $attack_detected 1;
    }

    if ($request_uri ~* "!@rx ^OPTIONS$") {
        set $attack_detected 1;
    }

    if ($request_uri ~* "charset.*?charset") {
        set $attack_detected 1;
    }

    if ($request_uri ~* "!@pm AppleWebKit Android Business Enterprise Entreprise") {
        set $attack_detected 1;
    }

    if ($request_uri ~* "!@pm AppleWebKit Android") {
        set $attack_detected 1;
    }

    if ($request_uri ~* "@validateByteRange 1-255") {
        set $attack_detected 1;
    }

    if ($request_uri ~* "%u[fF]{2}[0-9a-fA-F]{2}") {
        set $attack_detected 1;
    }

    if ($request_uri ~* "^.*$") {
        set $attack_detected 1;
    }

    if ($request_uri ~* "^bytes=(?:(?:d+)?-(?:d+)?s*,?s*){63}") {
        set $attack_detected 1;
    }

    if ($request_uri ~* "@gt %{tx.total_arg_length}") {
        set $attack_detected 1;
    }

    if ($request_uri ~* "%[0-9a-fA-F]{2}") {
        set $attack_detected 1;
    }

    if ($request_uri ~* "!@streq JSON") {
        set $attack_detected 1;
    }

    if ($request_uri ~* "(?i)x5cu[0-9a-f]{4}") {
        set $attack_detected 1;
    }

    if ($request_uri ~* "@eq 0") {
        set $attack_detected 1;
    }

    if ($request_uri ~* "@validateByteRange 9,10,13,32-126,128-255") {
        set $attack_detected 1;
    }

    if ($request_uri ~* "b(?:keep-alive|close),s?(?:keep-alive|close)b") {
        set $attack_detected 1;
    }

    if ($request_uri ~* "(?:^([d.]+|[[da-f:]+]|[da-f:]+)(:[d]+)?$)") {
        set $attack_detected 1;
    }

    if ($request_uri ~* "^(?:GET|HEAD)$") {
        set $attack_detected 1;
    }

    if ($request_uri ~* "!@endsWith .pdf") {
        set $attack_detected 1;
    }

    if ($request_uri ~* "(d+)-(d+)") {
        set $attack_detected 1;
    }

    if ($request_uri ~* "@within %{tx.restricted_extensions}") {
        set $attack_detected 1;
    }

    if ($request_uri ~* "@gt 1") {
        set $attack_detected 1;
    }

    if ($request_uri ~* "@validateByteRange 32-36,38-126") {
        set $attack_detected 1;
    }

    if ($request_uri ~* "@gt %{tx.arg_length}") {
        set $attack_detected 1;
    }

    if ($request_uri ~* "!@rx ^[w/.+*-]+(?:s?;s?(?:action|boundary|charset|component|start(?:-info)?|type|version)s?=s?['\"w.()+,/:=?<>@#*-]+)*$") {
        set $attack_detected 1;
    }

    if ($request_uri ~* "@streq POST") {
        set $attack_detected 1;
    }

    if ($request_uri ~* "@eq 1") {
        set $attack_detected 1;
    }

    if ($request_uri ~* "@validateUtf8Encoding") {
        set $attack_detected 1;
    }

    if ($request_uri ~* ".[^.~]+~(?:/.*|)$") {
        set $attack_detected 1;
    }

    if ($request_uri ~* "@gt 50") {
        set $attack_detected 1;
    }

    if ($request_uri ~* "@validateUrlEncoding") {
        set $attack_detected 1;
    }

    if ($request_uri ~* "^[^;s]+") {
        set $attack_detected 1;
    }

    if ($request_uri ~* "!@rx ^0?$") {
        set $attack_detected 1;
    }

    if ($request_uri ~* "@within %{tx.restricted_headers_basic}") {
        set $attack_detected 1;
    }

    if ($request_uri ~* "x25") {
        set $attack_detected 1;
    }

    if ($request_uri ~* "@contains #") {
        set $attack_detected 1;
    }

    if ($request_uri ~* "@gt 0") {
        set $attack_detected 1;
    }

    if ($request_uri ~* "^$") {
        set $attack_detected 1;
    }

    if ($request_uri ~* "charsets*=s*[\"']?([^;\"'s]+)") {
        set $attack_detected 1;
    }

    if ($request_uri ~* "!@rx ^0$") {
        set $attack_detected 1;
    }

    if ($request_uri ~* "!@rx ^(?:OPTIONS|CONNECT)$") {
        set $attack_detected 1;
    }

    if ($request_uri ~* "@within %{tx.restricted_headers_extended}") {
        set $attack_detected 1;
    }

    if ($request_uri ~* "!@rx ^(?:(?:max-age=[0-9]+|min-fresh=[0-9]+|no-cache|no-store|no-transform|only-if-cached|max-stale(?:=[0-9]+)?)(?:s*,s*|$)){1,7}$") {
        set $attack_detected 1;
    }

    if ($request_uri ~* "^bytes=(?:(?:d+)?-(?:d+)?s*,?s*){6}") {
        set $attack_detected 1;
    }

    if ($request_uri ~* "@gt %{tx.arg_name_length}") {
        set $attack_detected 1;
    }

    if ($attack_detected = 1) {
        return 403;
    }
}
Automated update: OWASP CRS to Caddy and Nginx WAF rules [Sat Dec 21 00:30:30 UTC 2024] 2024-12-21 00:30:30 +00:00			`# Nginx WAF rules for ENFORCEMENT`
			`location / {`
			`set $attack_detected 0;`

Update: [Fri Jan 10 00:27:14 UTC 2025] 2025-01-10 00:27:14 +00:00			`if ($request_uri ~* "@validateByteRange 32,34,38,42-59,61,65-90,95,97-122") {`
Update: [Tue Jan 7 00:27:08 UTC 2025] 2025-01-07 00:27:08 +00:00			`set $attack_detected 1;`
			`}`

Update: [Fri Jan 10 00:27:14 UTC 2025] 2025-01-10 00:27:14 +00:00			`if ($request_uri ~* "@gt %{tx.max_num_args}") {`
Update: [Tue Jan 7 00:27:08 UTC 2025] 2025-01-07 00:27:08 +00:00			`set $attack_detected 1;`
			`}`

Update: [Fri Jan 10 00:27:14 UTC 2025] 2025-01-10 00:27:14 +00:00			`if ($request_uri ~* "@gt %{tx.combined_file_sizes}") {`
Update: [Tue Jan 7 00:27:08 UTC 2025] 2025-01-07 00:27:08 +00:00			`set $attack_detected 1;`
			`}`

Update: [Fri Jan 10 00:27:14 UTC 2025] 2025-01-10 00:27:14 +00:00			`if ($request_uri ~* ".([^.]+)$") {`
Update: [Tue Jan 7 00:27:08 UTC 2025] 2025-01-07 00:27:08 +00:00			`set $attack_detected 1;`
			`}`

Update: [Fri Jan 10 00:27:14 UTC 2025] 2025-01-10 00:27:14 +00:00			`if ($request_uri ~* "(?:^\|[^x5c])x5c[cdeghijklmpqwxyz123456789]") {`
Update: [Tue Jan 7 00:27:08 UTC 2025] 2025-01-07 00:27:08 +00:00			`set $attack_detected 1;`
			`}`

Update: [Fri Jan 10 00:27:14 UTC 2025] 2025-01-10 00:27:14 +00:00			`if ($request_uri ~* "@ge 1") {`
Update: [Tue Jan 7 00:27:08 UTC 2025] 2025-01-07 00:27:08 +00:00			`set $attack_detected 1;`
			`}`

Update: [Fri Jan 10 00:27:14 UTC 2025] 2025-01-10 00:27:14 +00:00			`if ($request_uri ~* "@endsWith .pdf") {`
Update: [Tue Jan 7 00:27:08 UTC 2025] 2025-01-07 00:27:08 +00:00			`set $attack_detected 1;`
			`}`

Update: [Fri Jan 10 00:27:14 UTC 2025] 2025-01-10 00:27:14 +00:00			`if ($request_uri ~* "@gt %{tx.max_file_size}") {`
Update: [Tue Jan 7 00:27:08 UTC 2025] 2025-01-07 00:27:08 +00:00			`set $attack_detected 1;`
			`}`

Update: [Fri Jan 10 00:27:14 UTC 2025] 2025-01-10 00:27:14 +00:00			`if ($request_uri ~* "@validateByteRange 38,44-46,48-58,61,65-90,95,97-122") {`
Update: [Tue Jan 7 00:27:08 UTC 2025] 2025-01-07 00:27:08 +00:00			`set $attack_detected 1;`
			`}`

Update: [Fri Jan 10 00:27:14 UTC 2025] 2025-01-10 00:27:14 +00:00			`if ($request_uri ~* "['\";=]") {`
Automated update: OWASP CRS to Caddy and Nginx WAF rules [Sat Dec 21 00:30:30 UTC 2024] 2024-12-21 00:30:30 +00:00			`set $attack_detected 1;`
			`}`

Update: [Thu Jan 9 00:26:35 UTC 2025] 2025-01-09 00:26:35 +00:00			`if ($request_uri ~* "!@rx ^d+$") {`
Automated update: OWASP CRS to Caddy and Nginx WAF rules [Sat Dec 21 00:30:30 UTC 2024] 2024-12-21 00:30:30 +00:00			`set $attack_detected 1;`
			`}`

Update: [Fri Jan 10 00:27:14 UTC 2025] 2025-01-10 00:27:14 +00:00			`if ($request_uri ~* "!@rx ^OPTIONS$") {`
Automated update: OWASP CRS to Caddy and Nginx WAF rules [Sat Dec 21 00:30:30 UTC 2024] 2024-12-21 00:30:30 +00:00			`set $attack_detected 1;`
			`}`

Update: [Fri Jan 10 00:27:14 UTC 2025] 2025-01-10 00:27:14 +00:00			`if ($request_uri ~* "charset.*?charset") {`
Automated update: OWASP CRS to Caddy and Nginx WAF rules [Sat Dec 21 00:30:30 UTC 2024] 2024-12-21 00:30:30 +00:00			`set $attack_detected 1;`
			`}`

Update: [Fri Jan 10 00:27:14 UTC 2025] 2025-01-10 00:27:14 +00:00			`if ($request_uri ~* "!@pm AppleWebKit Android Business Enterprise Entreprise") {`
Automated update: OWASP CRS to Caddy and Nginx WAF rules [Sat Dec 21 00:30:30 UTC 2024] 2024-12-21 00:30:30 +00:00			`set $attack_detected 1;`
			`}`

Update: [Fri Jan 10 00:27:14 UTC 2025] 2025-01-10 00:27:14 +00:00			`if ($request_uri ~* "!@pm AppleWebKit Android") {`
Automated update: OWASP CRS to Caddy and Nginx WAF rules [Sat Dec 21 00:30:30 UTC 2024] 2024-12-21 00:30:30 +00:00			`set $attack_detected 1;`
			`}`

Update: [Fri Jan 10 00:27:14 UTC 2025] 2025-01-10 00:27:14 +00:00			`if ($request_uri ~* "@validateByteRange 1-255") {`
Automated update: OWASP CRS to Caddy and Nginx WAF rules [Sat Dec 21 00:30:30 UTC 2024] 2024-12-21 00:30:30 +00:00			`set $attack_detected 1;`
			`}`

Update: [Fri Jan 10 00:27:14 UTC 2025] 2025-01-10 00:27:14 +00:00			`if ($request_uri ~* "%u[fF]{2}[0-9a-fA-F]{2}") {`
Automated update: OWASP CRS to Caddy and Nginx WAF rules [Sat Dec 21 00:30:30 UTC 2024] 2024-12-21 00:30:30 +00:00			`set $attack_detected 1;`
			`}`

Update: [Fri Jan 10 00:27:14 UTC 2025] 2025-01-10 00:27:14 +00:00			`if ($request_uri ~* "^.*$") {`
Automated update: OWASP CRS to Caddy and Nginx WAF rules [Sat Dec 21 00:30:30 UTC 2024] 2024-12-21 00:30:30 +00:00			`set $attack_detected 1;`
			`}`

Update: [Fri Jan 10 00:27:14 UTC 2025] 2025-01-10 00:27:14 +00:00			`if ($request_uri ~* "^bytes=(?:(?:d+)?-(?:d+)?s,?s){63}") {`
Automated update: OWASP CRS to Caddy and Nginx WAF rules [Sat Dec 21 00:30:30 UTC 2024] 2024-12-21 00:30:30 +00:00			`set $attack_detected 1;`
			`}`

Update: [Fri Jan 10 00:27:14 UTC 2025] 2025-01-10 00:27:14 +00:00			`if ($request_uri ~* "@gt %{tx.total_arg_length}") {`
Automated update: OWASP CRS to Caddy and Nginx WAF rules [Sat Dec 21 00:30:30 UTC 2024] 2024-12-21 00:30:30 +00:00			`set $attack_detected 1;`
			`}`

Update: [Fri Jan 10 00:27:14 UTC 2025] 2025-01-10 00:27:14 +00:00			`if ($request_uri ~* "%[0-9a-fA-F]{2}") {`
Automated update: OWASP CRS to Caddy and Nginx WAF rules [Sat Dec 21 00:30:30 UTC 2024] 2024-12-21 00:30:30 +00:00			`set $attack_detected 1;`
			`}`

Update: [Fri Jan 10 00:27:14 UTC 2025] 2025-01-10 00:27:14 +00:00			`if ($request_uri ~* "!@streq JSON") {`
Automated update: OWASP CRS to Caddy and Nginx WAF rules [Sat Dec 21 00:30:30 UTC 2024] 2024-12-21 00:30:30 +00:00			`set $attack_detected 1;`
			`}`

Update: [Fri Jan 10 00:27:14 UTC 2025] 2025-01-10 00:27:14 +00:00			`if ($request_uri ~* "(?i)x5cu[0-9a-f]{4}") {`
Automated update: OWASP CRS to Caddy and Nginx WAF rules [Sat Dec 21 00:30:30 UTC 2024] 2024-12-21 00:30:30 +00:00			`set $attack_detected 1;`
			`}`

Update: [Fri Jan 10 00:27:14 UTC 2025] 2025-01-10 00:27:14 +00:00			`if ($request_uri ~* "@eq 0") {`
Automated update: OWASP CRS to Caddy and Nginx WAF rules [Sat Dec 21 00:30:30 UTC 2024] 2024-12-21 00:30:30 +00:00			`set $attack_detected 1;`
			`}`

Update: [Fri Jan 10 00:27:14 UTC 2025] 2025-01-10 00:27:14 +00:00			`if ($request_uri ~* "@validateByteRange 9,10,13,32-126,128-255") {`
Automated update: OWASP CRS to Caddy and Nginx WAF rules [Sat Dec 21 00:30:30 UTC 2024] 2024-12-21 00:30:30 +00:00			`set $attack_detected 1;`
			`}`

Update: [Fri Jan 10 00:27:14 UTC 2025] 2025-01-10 00:27:14 +00:00			`if ($request_uri ~* "b(?:keep-alive\|close),s?(?:keep-alive\|close)b") {`
Automated update: OWASP CRS to Caddy and Nginx WAF rules [Sat Dec 21 00:30:30 UTC 2024] 2024-12-21 00:30:30 +00:00			`set $attack_detected 1;`
			`}`

Update: [Fri Jan 10 00:27:14 UTC 2025] 2025-01-10 00:27:14 +00:00			`if ($request_uri ~* "(?:^([d.]+\|[[da-f:]+]\|[da-f:]+)(:[d]+)?$)") {`
Automated update: OWASP CRS to Caddy and Nginx WAF rules [Sat Dec 21 00:30:30 UTC 2024] 2024-12-21 00:30:30 +00:00			`set $attack_detected 1;`
			`}`

Update: [Fri Jan 10 00:27:14 UTC 2025] 2025-01-10 00:27:14 +00:00			`if ($request_uri ~* "^(?:GET\|HEAD)$") {`
Automated update: OWASP CRS to Caddy and Nginx WAF rules [Sat Dec 21 00:30:30 UTC 2024] 2024-12-21 00:30:30 +00:00			`set $attack_detected 1;`
			`}`

Update: [Fri Jan 10 00:27:14 UTC 2025] 2025-01-10 00:27:14 +00:00			`if ($request_uri ~* "!@endsWith .pdf") {`
Automated update: OWASP CRS to Caddy and Nginx WAF rules [Sat Dec 21 00:30:30 UTC 2024] 2024-12-21 00:30:30 +00:00			`set $attack_detected 1;`
			`}`

Update: [Fri Jan 10 00:27:14 UTC 2025] 2025-01-10 00:27:14 +00:00			`if ($request_uri ~* "(d+)-(d+)") {`
Automated update: OWASP CRS to Caddy and Nginx WAF rules [Sat Dec 21 00:30:30 UTC 2024] 2024-12-21 00:30:30 +00:00			`set $attack_detected 1;`
			`}`

Update: [Fri Jan 10 00:27:14 UTC 2025] 2025-01-10 00:27:14 +00:00			`if ($request_uri ~* "@within %{tx.restricted_extensions}") {`
Automated update: OWASP CRS to Caddy and Nginx WAF rules [Sat Dec 21 00:30:30 UTC 2024] 2024-12-21 00:30:30 +00:00			`set $attack_detected 1;`
			`}`

Update: [Fri Jan 10 00:27:14 UTC 2025] 2025-01-10 00:27:14 +00:00			`if ($request_uri ~* "@gt 1") {`
Automated update: OWASP CRS to Caddy and Nginx WAF rules [Sat Dec 21 00:30:30 UTC 2024] 2024-12-21 00:30:30 +00:00			`set $attack_detected 1;`
			`}`

Update: [Fri Jan 10 00:27:14 UTC 2025] 2025-01-10 00:27:14 +00:00			`if ($request_uri ~* "@validateByteRange 32-36,38-126") {`
Automated update: OWASP CRS to Caddy and Nginx WAF rules [Sat Dec 21 00:30:30 UTC 2024] 2024-12-21 00:30:30 +00:00			`set $attack_detected 1;`
			`}`

Update: [Fri Jan 10 00:27:14 UTC 2025] 2025-01-10 00:27:14 +00:00			`if ($request_uri ~* "@gt %{tx.arg_length}") {`
Automated update: OWASP CRS to Caddy and Nginx WAF rules [Sat Dec 21 00:30:30 UTC 2024] 2024-12-21 00:30:30 +00:00			`set $attack_detected 1;`
			`}`

Update: [Fri Jan 10 00:27:14 UTC 2025] 2025-01-10 00:27:14 +00:00			`if ($request_uri ~* "!@rx ^[w/.+-]+(?:s?;s?(?:action\|boundary\|charset\|component\|start(?:-info)?\|type\|version)s?=s?['\"w.()+,/:=?<>@#-]+)*$") {`
Automated update: OWASP CRS to Caddy and Nginx WAF rules [Sat Dec 21 00:30:30 UTC 2024] 2024-12-21 00:30:30 +00:00			`set $attack_detected 1;`
			`}`

Update: [Fri Jan 10 00:27:14 UTC 2025] 2025-01-10 00:27:14 +00:00			`if ($request_uri ~* "@streq POST") {`
Automated update: OWASP CRS to Caddy and Nginx WAF rules [Sat Dec 21 00:30:30 UTC 2024] 2024-12-21 00:30:30 +00:00			`set $attack_detected 1;`
			`}`

Update: [Fri Jan 10 00:27:14 UTC 2025] 2025-01-10 00:27:14 +00:00			`if ($request_uri ~* "@eq 1") {`
Automated update: OWASP CRS to Caddy and Nginx WAF rules [Sat Dec 21 00:30:30 UTC 2024] 2024-12-21 00:30:30 +00:00			`set $attack_detected 1;`
			`}`

Update: [Fri Jan 10 00:27:14 UTC 2025] 2025-01-10 00:27:14 +00:00			`if ($request_uri ~* "@validateUtf8Encoding") {`
Automated update: OWASP CRS to Caddy and Nginx WAF rules [Sat Dec 21 00:30:30 UTC 2024] 2024-12-21 00:30:30 +00:00			`set $attack_detected 1;`
			`}`

Update: [Fri Jan 10 00:27:14 UTC 2025] 2025-01-10 00:27:14 +00:00			`if ($request_uri ~* ".[^.~]+~(?:/.*\|)$") {`
Automated update: OWASP CRS to Caddy and Nginx WAF rules [Sat Dec 21 00:30:30 UTC 2024] 2024-12-21 00:30:30 +00:00			`set $attack_detected 1;`
			`}`

Update: [Fri Jan 10 00:27:14 UTC 2025] 2025-01-10 00:27:14 +00:00			`if ($request_uri ~* "@gt 50") {`
Automated update: OWASP CRS to Caddy and Nginx WAF rules [Sat Dec 21 00:30:30 UTC 2024] 2024-12-21 00:30:30 +00:00			`set $attack_detected 1;`
			`}`

Update: [Fri Jan 10 00:27:14 UTC 2025] 2025-01-10 00:27:14 +00:00			`if ($request_uri ~* "@validateUrlEncoding") {`
Automated update: OWASP CRS to Caddy and Nginx WAF rules [Sat Dec 21 00:30:30 UTC 2024] 2024-12-21 00:30:30 +00:00			`set $attack_detected 1;`
			`}`

Update: [Fri Jan 10 00:27:14 UTC 2025] 2025-01-10 00:27:14 +00:00			`if ($request_uri ~* "^[^;s]+") {`
Automated update: OWASP CRS to Caddy and Nginx WAF rules [Sat Dec 21 00:30:30 UTC 2024] 2024-12-21 00:30:30 +00:00			`set $attack_detected 1;`
			`}`

Update: [Fri Jan 10 00:27:14 UTC 2025] 2025-01-10 00:27:14 +00:00			`if ($request_uri ~* "!@rx ^0?$") {`
Automated update: OWASP CRS to Caddy and Nginx WAF rules [Sat Dec 21 00:30:30 UTC 2024] 2024-12-21 00:30:30 +00:00			`set $attack_detected 1;`
			`}`

Update: [Fri Jan 10 00:27:14 UTC 2025] 2025-01-10 00:27:14 +00:00			`if ($request_uri ~* "@within %{tx.restricted_headers_basic}") {`
Automated update: OWASP CRS to Caddy and Nginx WAF rules [Sat Dec 21 00:30:30 UTC 2024] 2024-12-21 00:30:30 +00:00			`set $attack_detected 1;`
			`}`

Update: [Fri Jan 10 00:27:14 UTC 2025] 2025-01-10 00:27:14 +00:00			`if ($request_uri ~* "x25") {`
Automated update: OWASP CRS to Caddy and Nginx WAF rules [Sat Dec 21 00:30:30 UTC 2024] 2024-12-21 00:30:30 +00:00			`set $attack_detected 1;`
			`}`

Update: [Fri Jan 10 00:27:14 UTC 2025] 2025-01-10 00:27:14 +00:00			`if ($request_uri ~* "@contains #") {`
Automated update: OWASP CRS to Caddy and Nginx WAF rules [Sat Dec 21 00:30:30 UTC 2024] 2024-12-21 00:30:30 +00:00			`set $attack_detected 1;`
			`}`

Update: [Fri Jan 10 00:27:14 UTC 2025] 2025-01-10 00:27:14 +00:00			`if ($request_uri ~* "@gt 0") {`
Automated update: OWASP CRS to Caddy and Nginx WAF rules [Sat Dec 21 00:30:30 UTC 2024] 2024-12-21 00:30:30 +00:00			`set $attack_detected 1;`
			`}`

Update: [Fri Jan 10 00:27:14 UTC 2025] 2025-01-10 00:27:14 +00:00			`if ($request_uri ~* "^$") {`
Automated update: OWASP CRS to Caddy and Nginx WAF rules [Sat Dec 21 00:30:30 UTC 2024] 2024-12-21 00:30:30 +00:00			`set $attack_detected 1;`
			`}`

Update: [Fri Jan 10 00:27:14 UTC 2025] 2025-01-10 00:27:14 +00:00			`if ($request_uri ~* "charsets=s[\"']?([^;\"'s]+)") {`
Automated update: OWASP CRS to Caddy and Nginx WAF rules [Sat Dec 21 00:30:30 UTC 2024] 2024-12-21 00:30:30 +00:00			`set $attack_detected 1;`
			`}`

Update: [Fri Jan 10 00:27:14 UTC 2025] 2025-01-10 00:27:14 +00:00			`if ($request_uri ~* "!@rx ^0$") {`
Automated update: OWASP CRS to Caddy and Nginx WAF rules [Sat Dec 21 00:30:30 UTC 2024] 2024-12-21 00:30:30 +00:00			`set $attack_detected 1;`
			`}`

Update: [Fri Jan 10 00:27:14 UTC 2025] 2025-01-10 00:27:14 +00:00			`if ($request_uri ~* "!@rx ^(?:OPTIONS\|CONNECT)$") {`
Automated update: OWASP CRS to Caddy and Nginx WAF rules [Sat Dec 21 00:30:30 UTC 2024] 2024-12-21 00:30:30 +00:00			`set $attack_detected 1;`
			`}`

Update: [Fri Jan 10 00:27:14 UTC 2025] 2025-01-10 00:27:14 +00:00			`if ($request_uri ~* "@within %{tx.restricted_headers_extended}") {`
Automated update: OWASP CRS to Caddy and Nginx WAF rules [Sat Dec 21 00:30:30 UTC 2024] 2024-12-21 00:30:30 +00:00			`set $attack_detected 1;`
			`}`

Update: [Fri Jan 10 00:27:14 UTC 2025] 2025-01-10 00:27:14 +00:00			`if ($request_uri ~* "!@rx ^(?:(?:max-age=[0-9]+\|min-fresh=[0-9]+\|no-cache\|no-store\|no-transform\|only-if-cached\|max-stale(?:=[0-9]+)?)(?:s,s\|$)){1,7}$") {`
Automated update: OWASP CRS to Caddy and Nginx WAF rules [Sat Dec 21 00:30:30 UTC 2024] 2024-12-21 00:30:30 +00:00			`set $attack_detected 1;`
			`}`

Update: [Fri Jan 10 00:27:14 UTC 2025] 2025-01-10 00:27:14 +00:00			`if ($request_uri ~* "^bytes=(?:(?:d+)?-(?:d+)?s,?s){6}") {`
Automated update: OWASP CRS to Caddy and Nginx WAF rules [Sat Dec 21 00:30:30 UTC 2024] 2024-12-21 00:30:30 +00:00			`set $attack_detected 1;`
			`}`

Update: [Fri Jan 10 00:27:14 UTC 2025] 2025-01-10 00:27:14 +00:00			`if ($request_uri ~* "@gt %{tx.arg_name_length}") {`
Automated update: OWASP CRS to Caddy and Nginx WAF rules [Sat Dec 21 00:30:30 UTC 2024] 2024-12-21 00:30:30 +00:00			`set $attack_detected 1;`
			`}`

			`if ($attack_detected = 1) {`
			`return 403;`
			`}`
			`}`